CVE-2024-30939 is a vulnerability identified in the Yealink VP59 Teams Edition IP phone, specifically in firmware version 91.15.0.118. The flaw resides in the factory reset procedure, which can be manipulated by an attacker physically near the device to gain unauthorized control over an account on the device. This vulnerability is classified under CWE-287, indicating an authentication bypass or improper authentication issue. The CVSS v3.1 base score is 6.8, reflecting a medium severity level. The attack vector is physical (AV:P), with low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning an attacker can fully compromise the device and its data. The vulnerability does not require network access or prior authentication, but physical proximity is mandatory, limiting remote exploitation. No patches or mitigations are currently published, and no active exploitation has been reported. This vulnerability poses a significant risk in environments where devices are accessible to unauthorized individuals.

The vulnerability allows an attacker with physical access to the Yealink VP59 Teams Edition device to bypass authentication controls during the factory reset process and gain full control over an account. This can lead to unauthorized access to sensitive communications, manipulation or disruption of device functionality, and potential lateral movement within an organization's network. The compromise of these devices could result in interception of confidential voice communications, disruption of business operations, and loss of trust in communication infrastructure. Organizations with widespread deployment of these devices in semi-public or unsecured locations face increased risk. The requirement for physical proximity limits the scope but does not eliminate the threat, especially in environments such as offices, conference rooms, or shared workspaces where physical security may be insufficient.

Organizations should implement strict physical security controls to prevent unauthorized access to Yealink VP59 Teams Edition devices, including securing devices in locked rooms or enclosures and monitoring physical access. Until a firmware patch is released, consider disabling or restricting factory reset functionality if possible. Network segmentation should be employed to limit the impact of a compromised device. Regularly audit device configurations and logs for signs of tampering. Educate staff about the risks of physical device access and enforce policies to prevent unauthorized personnel from approaching or interacting with communication devices. Once Yealink releases a firmware update addressing this vulnerability, promptly apply the patch. Additionally, consider deploying endpoint detection solutions capable of identifying anomalous device behavior indicative of compromise.